Data security of Docue's service
It is of the utmost importance to us that our users' information and documents are protected and safely stored.
System development
We are currently building an information security management system according to the ISO 27001 information security standard.
In the development of our system, we always follow the best practices in the industry and we constantly make updates to our service, e.g. taking into account the latest OWASP recommendations. Our developers and administrators are regularly trained in information security matters.
The data security of our applications and server environments are regularly tested (six times a year!) by an external data security company.
User login information and access rights
Each user has a personal username tied to their e-mail. Users can log in to the service either with their Google or Microsoft usernames, or with a personal password.
Login information is not stored on the server in plain language and Docue does not have access to user passwords. As an additional layer of security, a verification code is sent to the user's mobile phone if the user logs into the service from a different device or browser.
User rights are managed per each company's account, and account administrators define which rights each user has and which information each user has access to.
Protection of data traffic and documents
All communication between the computer and the server is encrypted using SSL technology.
For our electronic signature service, a personal PIN code is required to open the signature link, which is sent to the recipient of the signature link. A 256-bit HASH hash is calculated for each document after all signatures have been collected. The seal is stored on the server together with the document and can be used to detect if the document is changed after signature. In other words, the seal can be used to verify whether the document was made with Docue and that the document has not been modified after signing.
All document material is stored encrypted on the server. The service administrator does not have access to the document except with permission.
Servers and security level control
Documents and user data are stored on servers that use best-in-class security and protection practices.
The servers are located in Amazon's data centers in the EU region and the backups are geographically distributed. In addition, the information is always spread over several different servers and locations. As additional security, all data is regularly backed up to a backup server located in the environment of a service provider independent of Amazon.
The incoming and outgoing data traffic of the servers is controlled by firewalls. The server providers monitor data traffic in real time and, based on the analysis, immediately intervene if there are detected threats.